Category: Security

macOS Telemetry Update

Two weeks ago, I posted a blog (and podcast) about my customization within Little Snitch which eliminates much of macOS's telemetry. Since then, my computer has had time to alert me to new process connection attempts which has extended my settings considerably. The following image displays a partial view of my current settings, which do not appear to break any vital macOS functions. Note that I added a few key privacy apps in order to display some optimal settings.

As an example, notice that Signal is allowed to connect to its own servers, but all else is blocked. This prevents URLs from being fetched when typed within a message. Linphone is allowed to connect to my VOIP providers, but not allowed to send any data to their own servers. KnockKnock is allowed to query VirusTotal, but not send any telemetry back to the provider. All Microsoft, Adobe, and VLC connections are blocked.

The Privacy, Security, & OSINT Show – Episode 230

EPISODE 230-Personal Data Removal Revisited

This week I revisit my methods for personal online data removal, offer a new free removal workbook, plus two new OSINT tips.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

None

UPDATES:

None

PERSONAL DATA REMOVAL REVISITED:

PDF: https://inteltechniques.com/data/workbook.pdf
HTML: https://inteltechniques.com/workbook.html

How do I know what data the sites have?
What is the optimal removal method?
How long will it take?
What if I am blocked because of a VPN?
What if they don't respond?
Do I have to complete every site?
How often should I revisit?
Should I remove my family?
How do I remove 'difficult' content?
Should I hire a company to do it?
Will this impact a security clearance?
Is there any point any more?

OSINT:

Reverse Opt-Out for OSINT
https://inteltechniques.com/blog/2021/08/10/an-analysis-of-the-intelx-scrape/


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J


The Privacy, Security, & OSINT Show – Episode 229

EPISODE 229-Special: Apple neuralMatch

This is a special episode in which I attempt a rational explanation of both sides of the latest Apple child protection features.



SHOW NOTES:

INTRO:

Tim Conway Jr.

UPDATES:

None

APPLE NEURALMATCH:

Discussion

OSINT:

None

FRIDAY: Personal Data Removal Revisited




The Privacy, Security, & OSINT Show – Episode 228

EPISODE 228-New Privacy & OSINT Strategies

This week I present two new privacy strategies, including a new opt-out platform and macOS telemetry minimization, plus the latest privacy news and a new OSINT tip about government database downloads.



SHOW NOTES:

INTRO:

IngramSpark

UPDATES:

GrapheneOS Pages
MySudo Short Code Support

NEW PRIVACY STRATEGIES:

site:privacyportal.onetrust.com intitle:"privacy web form"
site:privacyportal.onetrust.com intitle:"privacy web form" thomson reuters
https://privacyportal.onetrust.com/webform/dbf5ae8a-0a6a-4f4b-b527-7f94d0de6bbc/5dc91c0f-f1b7-4b6e-9d42-76043adaf72d
site:privacyportal.onetrust.com intitle:"privacy web form" "marriott"
https://privacyportal.onetrust.com/webform/0894cd2c-85ba-4d0b-8ec1-e18f3735e0e0/e4eef8ab-3071-4679-a374-5847fbe290de
site:privacyportal.onetrust.com intitle:"privacy web form" "onetrust privacy webform"
https://privacyportal.onetrust.com/webform/37bcc497-a196-48f1-a08b-e897b5a77859/08a01c64-41fd-4b4e-9d42-cde44371a422

MINIMIZING MACOS TELEMETRY:

https://inteltechniques.com/blog/2021/08/03/minimizing-macos-telemetry/

OSINT:

NPI: National Provider Identifier
https://npiregistry.cms.hhs.gov/
https://download.cms.gov/nppes/NPPES_Data_Dissemination_July_2021.zip
https://download.cms.gov/nppes/NPPES_Data_Dissemination_July_2015.zip

NEXT WEEK:

Personal Data Removal Revisited




Minimizing macOS Telemetry

Both Apple and Microsoft collect hundreds of user metrics when we use macOS and Windows operating systems. They receive constant data about the apps we open, our location, any network configurations, connected devices, and our overall behaviors. This is why I never associate an Apple ID with my MacBook Pro. I install software through Brew and have no need for the App Store. This prevents Apple from storing telemetry from my computer within an Apple account, which eliminates much of the privacy invasion. However, this does not prevent Apple from collecting data from my machine during every minute of usage. For that we need a network firewall such as Little Snitch or Lulu.

I have explained Little Snitch in my books and on my show. It is a premium ($) product which I have used for many years. Lulu is a free option which may also suffice for most users. For this demonstration, I explain my actions through Little Snitch, but you could probably replicate them with Lulu. Never install both Little Snitch and Lulu! Pick only one.

Little Snitch allows us to block network connections within specific applications. I have previously explained how I block Microsoft Office and Adobe products from sending out any data during usage. This prevents Microsoft and Adobe from knowing the names of files I am creating, my IP address, and other sensitive data. This is the traditional purpose for apps such as Little Snitch. However, we can use these apps to minimize much of Apple's invasive telemetry if we are willing to push the balance of privacy versus functionality.

First, I modified Little Snitch's default system setting within the "Rules" menu. You cannot delete the rules which allow basic macOS and iCloud functionality, but you can disable them by unchecking the options as seen below. This will immediately prevent iCloud and online Apple services from functioning properly, but I don't mind. Since I do not have an Apple ID associated with my machine, I am not using iCloud anyway.

You will likely now begin receiving popup messages from Little Snitch asking if you want to allow specific connections, such as "itunescloudd" attempting to connect to icloud.com. Even if you never use iTunes, iCloud, or Apple Music, your Mac computer is constantly sending data to Apple servers about your online activities. I believe this should be blocked. Below are the various Apple services which I blocked. While I could have blocked "All" outgoing connections for these apps, I usually choose to only block the domain which is trying to be accessed. This way, I can be alerted if a new domain is trying to be reached. In the following screen captures, you can see that I am blocking data from being transmitted from the App Store, Find My App, Music, News, Notes, Podcasts, and Stocks. Obviously, you would not want to do this if you use any of these apps. I do not. Furthermore, I am blocking data from being transmitted by underlying services such as calendar, commerce, cloud, games, and parsec-fbf (Siri).

There were a few settings which I did not disable, such as trustd (confirms security certificates for apps), timed (synchronizes time), softwareupdated (updates operating system), and a few others. I also had a lot of connection problems when I completely blocked mDNSResponder. Therefore, I allowed my DNS (1.1.1.1) but blocked everything else, as seen below. This prevents Apple servers from receiving data sent from software but allows those applications to connect to the internet.
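A simplified model of the per-process rules described in the two paragraphs above, added here as an illustration; it is not Little Snitch's rule engine or file format. The most-specific-rule-wins ordering, the sample hosts, and all function names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Rule:
    process: str
    action: str          # "allow" or "deny"
    target: str = "*"    # "*" (any), a domain (covers subdomains), or an IP literal

def _is_ip(value):
    try:
        ip_address(value)
        return True
    except ValueError:
        return False

def matches(rule, process, remote):
    if rule.process != process:
        return False
    if rule.target == "*":
        return True
    if _is_ip(rule.target) or _is_ip(remote):
        return rule.target == remote
    remote = remote.lower().rstrip(".")
    # Require a label boundary so "noticloud.com" does not match "icloud.com".
    return remote == rule.target or remote.endswith("." + rule.target)

def decide(rules, process, remote):
    """Assumed precedence: a domain/IP rule beats an 'any' rule; no match prompts."""
    hits = [r for r in rules if matches(r, process, remote)]
    if not hits:
        return "prompt"
    specific = [r for r in hits if r.target != "*"]
    return (specific or hits)[0].action

# Domain-scoped policy, modelled on the settings described in the post.
SCOPED = [
    Rule("itunescloudd", "deny", "icloud.com"),
    Rule("mDNSResponder", "allow", "1.1.1.1"),
    Rule("mDNSResponder", "deny"),
    Rule("trustd", "allow"),
    Rule("timed", "allow"),
    Rule("softwareupdated", "allow"),
]
# Alternative: block "All" for the same daemon; new domains are dropped silently.
BROAD = [Rule("itunescloudd", "deny")]

def audit(rules, attempts):
    return [(p, h, decide(rules, p, h)) for p, h in attempts]
```

With the domain-scoped rule, a connection from itunescloudd to a host outside icloud.com returns "prompt", which is the alert on a new domain that the post relies on; the process-wide rule returns "deny" for the same attempt and nothing is surfaced.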

This does not prevent 100% of Apple telemetry, but it eliminates much of it. I do not claim that these settings are optimal or appropriate for everyone. I only share the Apple telemetry which I blocked without limiting any daily functionality for my usage. Expect several annoyances as you find your perfect settings. I plan to continue further manual blocks until I begin breaking things again. More details on my show this Friday.